CVE-2007-3022 - Unspecified vulnerability in Symantec Client Security, Norton Antivirus and Reporting Server
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
symantec
nessus
Summary
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.
Vulnerable Configurations
Nessus
NASL family | CGI abuses |
NASL id | SYMANTEC_REPORTING_SERVER_1_0_224.NASL |
description | The remote host is running Symantec Reporting Server, a web-based tool for creating reports about Symantec enterprise antivirus products. The version of Symantec Reporting Server installed on the remote host allows a remote attacker to bypass authentication to various scripts and gain access to the application. Additionally, it reportedly allows a user to create a malicious executable in the process of exporting data. This could, in turn, be executed in the context of the web server user, and may display the administrator |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25458 |
published | 2007-06-08 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25458 |
title | Symantec Reporting Server < 1.0.224.0 Multiple Vulnerabilities |
References
- http://osvdb.org/36108
- http://secunia.com/advisories/25543
- http://www.securityfocus.com/bid/24312
- http://www.securitytracker.com/id?1018196
- http://www.symantec.com/avcenter/security/Content/2007.06.05.html
- http://www.vupen.com/english/advisories/2007/2074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34740